def auto_login():
auto_creds = request.args.get("data")
ip = request.environ.get('HTTP_X_REAL_IP', request.remote_addr)
sdao = SessionDao()
session = sdao.get_auto_login_key(auto_creds, ip)
sdao.close()
if isinstance(session, str):
resp = make_response(redirect("/login"))
resp.set_cookie("error", session)
return resp
es = EncryptionService()
decrypted_creds = es.decrypt(session[6], session[7], session[8]).split(":")
udao = UserDao()
user = udao.auto_login(decrypted_creds[0], decrypted_creds[1])
udao.close()
if not user:
resp = make_response(redirect("/login"))
return resp
resp = make_response(render_template("loginsetup.html", redirect="/main"))
resp.set_cookie("user", decrypted_creds[0])
resp.set_cookie("sk", decrypted_creds[1])
return resp
def test_update_session_key(self):
# Adding of session key
user = User(3, "Not", "Needed", "Data", 12345678, 12345678, 0, 0)
sdao = SessionDao(db_name="mocked_db.db")
sdao.update_session_key(user, "127.0.0.1")
sdao.conn.commit()
connection = sqlite3.connect("mocked_db.db")
cursor = connection.cursor()
cursor.execute("SELECT ID FROM User_Session \
WHERE USER_ID = ?", (user.id,))
result = cursor.fetchall()
self.assertEqual(1, len(result))
# Updating of session key
cursor.execute("SELECT SESSION_KEY FROM User_Session \
WHERE USER_ID = ?", (user.id,))
prev_key = cursor.fetchone()[0]
sdao.update_session_key(user, "127.0.0.1")
sdao.conn.commit()
cursor.execute("SELECT SESSION_KEY FROM User_Session \
WHERE USER_ID = ?", (user.id,))
new_key = cursor.fetchone()[0]
self.assertNotEqual(prev_key, new_key)
# Tidy up
cursor.execute("DELETE FROM User_Session \
WHERE USER_ID = ?", (3,))
cursor.close()
connection.close()
sdao.close()
def test_check_session_exists(self):
sdao = SessionDao(db_name="mocked_db.db")
# Good session
session = sdao.check_session_exists(1, "127.0.0.1")
self.assertTrue(session)
# Bad user id
session = sdao.check_session_exists(2, "127.0.0.1")
self.assertFalse(session)
# Bad ip
session = sdao.check_session_exists(1, "127.0.0.2")
self.assertFalse(session)
# Bad user id and ip
session = sdao.check_session_exists(True, "127.0.0.2")
self.assertFalse(session)
sdao.close()
def _test_enable_auto_login_helper(self, user_id, ip):
sdao = SessionDao(db_name="mocked_db.db")
sdao.enable_auto_login(user_id, ip)
sdao.conn.commit()
sdao.close()
connection = sqlite3.connect("mocked_db.db")
cursor = connection.cursor()
cursor.execute("SELECT AUTOLOGIN FROM User_Session \
WHERE USER_ID = ? AND IP = ?", (user_id, ip))
result = cursor.fetchone()
cursor.close()
connection.close()
return result[0] if result else None
def login(self, credentials, ip, auto_login):
self.cursor.execute(
"SELECT * FROM Account \
WHERE USERNAME = ? AND EMAIL = ? AND PASSWORD = ?",
(credentials[0], credentials[1], self.hash_password(
credentials[2])))
record = self.cursor.fetchone()
if record:
user = User(*record)
self.update_last_login(user.id)
sdao = SessionDao(self.cursor)
key = sdao.update_session_key(user, ip)
if auto_login:
sdao.enable_auto_login(user.id, ip)
self.conn.commit()
sdao.close()
return [user, key
] if record else "Password for account credentials inccorect"
def signup(self, credentials, ip, auto_login):
try:
timestamp = datetime.timestamp(datetime.now())
self.cursor.execute(
"INSERT INTO Account (USERNAME, EMAIL, PASSWORD, SIGN_UP_DATE, LAST_SIGN_IN) \
VALUES (?, ?, ?, ?, ?)",
(credentials[0], credentials[1],
self.hash_password(credentials[2]), timestamp, timestamp))
user_id = self.get_user_id_from_name_and_email(
credentials[0], credentials[1])
user = User(user_id, credentials[0], credentials[1],
credentials[2], timestamp, timestamp, 0, 0)
sdao = SessionDao(self.cursor)
key = sdao.update_session_key(user, ip)
if auto_login:
sdao.enable_auto_login(user.id, ip)
self.conn.commit()
sdao.close()
except sqlite3.IntegrityError:
return "Username {} is already taken, please try again.".format(
credentials[0])
return [user, key]
def auto_login_setup():
if request.method == "GET":
user = request.cookies.get("user")
sk = request.cookies.get("sk")
ip = request.environ.get('HTTP_X_REAL_IP', request.remote_addr)
es = EncryptionService()
encryption_info = es.encrypt(user + ":" + sk)
udao = UserDao()
user_id = udao.get_user_id_from_name_and_session_key(user, sk)
udao.close()
sdao = SessionDao()
sdao.store_autologin_details(user_id, ip, encryption_info[0],
encryption_info[1], encryption_info[2])
sdao.close()
resp = make_response(render_template("autologinsetup.html"))
resp.set_cookie("data", encryption_info[2])
return resp
def test_create_session_key(self):
sdao = SessionDao(db_name="mocked_db.db")
key1 = sdao.create_session_key()
key2 = sdao.create_session_key()
self.assertNotEqual(key1, key2)
sdao.close()